FTP, or File Transfer Protocol, is a popular protocol for transferring data, files, and directories over networks, whether a local network or the Internet. FTP is built from simple mechanisms that make it easy to implement and use. This tutorial covers basic information about FTP, such as its port numbers and connection modes.
What is the FTP port? TCP 21
The default FTP port is TCP 21. TCP is a transport-layer protocol that provides reliable data transfer between hosts. The FTP port can be changed easily, but most users prefer to keep the default setting to make the client's job easier. FTP also uses TCP 20 under certain conditions, which is explained in detail in the following sections.
FTP port Connections in Active and Passive Mode
FTP offers two main working modes. Active mode uses TCP 21 for control and TCP 20 for data transfer; because these are well-known port numbers, they are easy to allow through network security devices such as firewalls and IPS/IDS. Passive mode instead connects on port numbers greater than 1024 for control and data transfer.
FTP port Connection in Active Mode
Active mode is the simplest mode of FTP. It uses two ports, one for control and one for data: TCP 21 carries the FTP commands, and the data transfer takes place over TCP 20.
FTP Port Passive Connection
Some network devices prevent and block connections to ports below 1024. Therefore, the FTP protocol offers a workaround called passive mode. In passive mode, the connection is first made to TCP 21 for commands; the server then opens two ports above 1024, one for the command channel and one for the data channel. For example, if the command port is 2000, the data port is 2001. The server maps these ports to TCP 21 and TCP 20 as the normal command and data ports. To activate passive mode, the client issues the PASV command instead of the PORT command during the FTP connection.
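The following is an added example, not code from the original tutorial, showing in Python how a client reads the server's 227 reply in passive mode to learn the data port (the port is sent as two bytes, p1*256 + p2), and how the argument of the active-mode PORT command is built the same way. The host 192.168.1.10 and port 2001 are constructed to match the example above; the function names, and the rule that the host advertised in the PASV reply must match the host of the control connection (the same rule curl applies with --ftp-skip-pasv-ip), are this example's own choices. The control host is assumed to be an IP literal.

```python
import re
import ipaddress

# Matches the (h1,h2,h3,h4,p1,p2) tuple in a "227 Entering Passive Mode" reply.
_PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv_reply(reply: str) -> tuple[str, int]:
    """Return the (host, port) advertised by a 227 PASV reply.

    The port is transmitted as two bytes: port = p1 * 256 + p2.
    """
    if not reply.startswith("227"):
        raise ValueError(f"not a PASV (227) reply: {reply!r}")
    m = _PASV_RE.search(reply)
    if m is None:
        raise ValueError(f"no host/port tuple in PASV reply: {reply!r}")
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("PASV field out of byte range")
    host = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]
    return host, port


def passive_data_endpoint(reply: str, control_host: str) -> tuple[str, int]:
    """Validate a PASV reply before the client opens the data connection.

    - the data port must be above 1024, as the passive-mode text describes;
    - if the advertised host differs from the host the control connection is
      already talking to, keep using control_host so the server cannot send
      the data connection somewhere else (assumed policy for this example;
      control_host is assumed to be an IPv4 literal).
    """
    host, port = parse_pasv_reply(reply)
    if port <= 1024:
        raise ValueError(f"PASV data port {port} is not above 1024")
    if ipaddress.ip_address(host) != ipaddress.ip_address(control_host):
        host = control_host
    return host, port


def build_port_argument(host: str, port: int) -> str:
    """Build the argument of an active-mode PORT command: h1,h2,h3,h4,p1,p2.

    The client listens on `port` and the server connects to it from TCP 20.
    An unprivileged listening port is required here by choice.
    """
    if not (1024 < port < 65536):
        raise ValueError("active-mode data port must be in 1025..65535")
    octets = str(ipaddress.IPv4Address(host)).split(".")
    return ",".join(octets + [str(port // 256), str(port % 256)])


if __name__ == "__main__":
    # Constructed sample reply matching the tutorial's data port 2001 (7*256 + 209).
    sample = "227 Entering Passive Mode (192,168,1,10,7,209)."
    print(passive_data_endpoint(sample, "192.168.1.10"))
    print("PORT", build_port_argument("192.168.1.10", 2001))
```

The host check matters because in passive mode the client, not the server, decides where the data connection goes; a client that blindly trusts the address in the 227 reply will open a connection wherever the server names, while a client that pins the data connection to the control host only has to allow outbound traffic to a single peer in its firewall rules.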
As a simple protocol, FTP has many clients for the major operating system families (Windows, Linux, macOS, BSD) and for every kind of interface: command line, web, desktop, and mobile. Below is a tutorial on FTP commands.
Secure FTP Port
As mentioned above, plain FTP does not offer transmission security such as encryption, but the problem can be solved in other ways.
SSH offers a file transfer sub-protocol called SFTP. SFTP runs over an SSH connection, which is encrypted. For more information about SFTP, see the following tutorial.
Differences Between Connecting to FTP and FTPS ports
The main difference between using the FTP and FTPS ports is the security behavior expected of the clients and servers that communicate through them. A server that receives a connection on port 990 immediately performs a TLS/SSL negotiation, because a connection on this port implies the desire for a secure connection (implicit security). Control connections made through port 21 require an additional AUTH command to invoke security (called explicit security, because the client must explicitly request that the connection be secured).
Cerberus FTP server : Management of Cerberus FTP ports
Depending on the type of secure file transfer protocol you want to use, you may need to configure your server to accept traffic on different ports. Here is an overview of the data and control ports that are commonly used for FTP and for FTP-over-TLS/SSL connections (commonly referred to as FTPS).
The Control Connection
The control connection is always the first connection that is established with an FTP server. The purpose of the control connection is to allow clients to connect and send commands to the server and receive responses from the server.
- Port 21 is considered the standard control connection port for FTP connections.
- Port 990 is the accepted standard control connection port for FTPS.
The use of these standard ports is not mandatory: the administrator can change the listener so that any free port on the system is used as the listening port. However, if the administrator runs a software firewall, they must ensure that [incoming] connections on the port selected for the control connection are not blocked. If the port that an FTP or FTPS server is listening on is blocked, no one can see the FTP server or connect to it.
The second type of connection is called a data connection. This is the connection over which an FTP server exchanges file lists and transfers files. When an FTP client uses the control connection to ask an FTP server for a list of files or for a file transfer, the actual data exchange takes place over the data connection. Data connections are where most of the confusion and problems for FTP server administrators arise.
- Port 20 is the most common data connection port for FTP.
- Port 989 is the accepted standard data connection port for FTPS.
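To make the implicit-versus-explicit distinction concrete, here is an added example (a simplified model written for this page, not code from Cerberus FTP Server or any other product) of how a server treats the control connection depending on which listener it arrived on. On the implicit listener (990) TLS is already active before the first reply and the data connection on 989 is protected too; on the explicit listener (21) everything is plaintext until the client sends AUTH TLS, and even then the data connection stays in the clear until the client negotiates PBSZ 0 and PROT P (RFC 4217). The class and function names, the reply texts and the policy that logins require TLS are this example's own assumptions; a real server would perform the TLS handshake where the comment says so.

```python
IMPLICIT_CONTROL_PORT = 990   # FTPS implicit: TLS handshake before any FTP reply
EXPLICIT_CONTROL_PORT = 21    # FTP / FTPS explicit: plaintext until AUTH TLS


class ControlChannel:
    """Server-side view of one control connection (assumed, simplified model)."""

    def __init__(self, listen_port: int, require_tls_for_login: bool = True):
        self.listen_port = listen_port
        self.require_tls_for_login = require_tls_for_login
        # Implicit listener: encrypted from the first byte, data channel (989)
        # protected as well. Explicit listener: nothing is protected yet.
        self.tls_active = listen_port == IMPLICIT_CONTROL_PORT
        self.data_protected = self.tls_active
        self.pbsz_done = self.tls_active
        self.authenticated = False

    def handle(self, line: str) -> str:
        """Process one client command and return the server reply line."""
        verb, _, arg = line.strip().partition(" ")
        verb, arg = verb.upper(), arg.upper()
        if verb == "AUTH":
            if self.tls_active:
                return "503 TLS is already active"
            if arg in ("TLS", "SSL"):
                self.tls_active = True          # the TLS handshake would run here
                return "234 AUTH command OK, starting TLS handshake"
            return "504 Unknown security mechanism"
        if verb in ("USER", "PASS"):
            # Policy choice for this example: never accept credentials in the clear.
            if self.require_tls_for_login and not self.tls_active:
                return "530 Policy requires TLS before login"
            if verb == "USER":
                return "331 Password required"
            self.authenticated = True
            return "230 Login successful"
        if verb == "PBSZ":
            if not self.tls_active:
                return "503 Negotiate TLS (AUTH TLS) before PBSZ"
            self.pbsz_done = True
            return "200 PBSZ=0"
        if verb == "PROT":
            if not self.pbsz_done:
                return "503 PBSZ must precede PROT"
            if arg == "P":
                self.data_protected = True      # data connections will use TLS
                return "200 Protection level set to P"
            if arg == "C":
                self.data_protected = False     # data connections in the clear
                return "200 Protection level set to C"
            return "504 Unsupported protection level"
        return "502 Command not implemented in this model"


def run_session(listen_port: int, commands: list[str]) -> tuple[list[str], bool, bool]:
    """Feed commands to a fresh channel; return (replies, logged_in, data_protected)."""
    ch = ControlChannel(listen_port)
    replies = [ch.handle(c) for c in commands]
    return replies, ch.authenticated, ch.data_protected


if __name__ == "__main__":
    # Constructed session on the explicit listener: login attempt before AUTH TLS is refused.
    for reply in run_session(EXPLICIT_CONTROL_PORT,
                             ["USER alice", "AUTH TLS", "USER alice",
                              "PASS secret", "PBSZ 0", "PROT P"])[0]:
        print(reply)
```

The practical consequence for port planning: opening 21 and 20 on a firewall gives you explicit FTPS only if clients actually send AUTH TLS and PROT P, while 990 and 989 are encrypted by definition of the listener. In Python's ftplib, FTP_TLS performs the explicit AUTH TLS step on port 21, and prot_p() sends the PBSZ 0 / PROT P pair; a client that logs in with FTP_TLS but never calls prot_p() transfers its file listings and files unencrypted.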